Andrew Bartlett [Fri, 4 Jul 2003 13:35:35 +0000 (13:35 +0000)]
Update WHATSNEW with the further LDAP schema changes in previous commit.
Andrew Bartlett
(This used to be commit
81f84cc57fb39cc8d5edf8cf1005159c67031142)
Andrew Bartlett [Fri, 4 Jul 2003 13:29:42 +0000 (13:29 +0000)]
This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit
9c595c8c2327b92a86901d84c3f2c284dabd597e)
Alexander Bokovoy [Fri, 4 Jul 2003 09:56:50 +0000 (09:56 +0000)]
Fix memleak in groupdb. Spotted by Metze
(This used to be commit
5280c6953195c2664628ecaab59ea82b4863e8f7)
Tim Potter [Fri, 4 Jul 2003 03:03:47 +0000 (03:03 +0000)]
Display libraries detected by configure but before configure
summary as suggested by abartlet.
(This used to be commit
7b2c6181b17a0d62043569ffa49cdf6c5b0b6859)
Eloy Paris [Fri, 4 Jul 2003 01:51:06 +0000 (01:51 +0000)]
Debian updates.
(This used to be commit
c14fca49e99395c064b0365e902dd97119974bb6)
Jeremy Allison [Thu, 3 Jul 2003 19:11:31 +0000 (19:11 +0000)]
Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit
ff222716a08af65d26ad842ce4c2841cc6540959)
Gerald Carter [Thu, 3 Jul 2003 17:18:07 +0000 (17:18 +0000)]
Fix for bug #199 (xp driver uploads). Needed to support
the "OSVersion" print server data value.
(This used to be commit
02bc7be1ac6b75bf6559ea684bbc89ab3e19402e)
Gerald Carter [Thu, 3 Jul 2003 16:23:11 +0000 (16:23 +0000)]
fix for bug #200. flush connections if the machine trsut account
changed underneath us.
(This used to be commit
6a1ad1ded1d619394ed4ca9e05fdffaa3b902b3b)
Andrew Bartlett [Thu, 3 Jul 2003 14:56:04 +0000 (14:56 +0000)]
Missed this in the previous patch - we now have a seperate idea of the
'unix username' from the NT username, in the auth subsystem at least.
Andrew Bartlett
(This used to be commit
df1aa2a669edc9f26007595411720742d7dff5d9)
Andrew Bartlett [Thu, 3 Jul 2003 14:36:42 +0000 (14:36 +0000)]
This patch takes the work the jerry did for beta2, and generalises it:
- The 'not implmented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more presise as to
what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only,
not the entire auth call
- The unix username is kept seperate from the NT username, removing the
need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very
basic stop to logins with 'half deleted' accounts.
Andrew Bartlett
(This used to be commit
85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
Tim Potter [Thu, 3 Jul 2003 05:58:55 +0000 (05:58 +0000)]
Some fixes for ads printer publish:
- check error return for cli_full_connection() when trying to obtain
printer data
- check error return on ads_find_machine_acct()
- Minor reformatting to separate fetching printer data from publishing it
(This used to be commit
94fe3b2cdfa67c9d74edc00a436b5eacbf3e0dc4)
Tim Potter [Thu, 3 Jul 2003 05:08:51 +0000 (05:08 +0000)]
Implemented 'net ads printer search' which searches the directory for
published printers.
At the moment we don't search using any parameters but this can be
fixed by changing the LDAP search string. Also we should contact
the global catalog at SRV _gc._tcp instead of the ldap server we
get back from ads_startup().
(This used to be commit
814519c5de7f962623163b732c8589abd355d845)
Gerald Carter [Thu, 3 Jul 2003 04:54:49 +0000 (04:54 +0000)]
fix bug #190; WINS server was getting marked as dead when it was not.
(This used to be commit
fa354f3ceefe53bdfd4f543559041d337b75613f)
Tim Potter [Thu, 3 Jul 2003 04:12:54 +0000 (04:12 +0000)]
Fix bug in doxygen comments for ads search functions.
(This used to be commit
ae6c05ea726da13fc1a18398d1ffe56f34e1edb9)
Eloy Paris [Thu, 3 Jul 2003 04:06:28 +0000 (04:06 +0000)]
More Debian updates.
(This used to be commit
1f7de8c42e05c70cdb76c4f917b7ff128f5249e6)
Gerald Carter [Thu, 3 Jul 2003 03:56:16 +0000 (03:56 +0000)]
well this was easy...
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user
has a username of DOMAIN\user. Make sure to trim the domain part
from the username when filling in the net_sam_logon reply.
This fixes the browsing issues i was seen across domain trusts.
(This used to be commit
62e36e6ede067ace23f5473d04917c7eeedf07e2)
Eloy Paris [Thu, 3 Jul 2003 02:43:49 +0000 (02:43 +0000)]
Debian updates.
(This used to be commit
617902427688de58b21c176e060b9b678ebfcd10)
Jeremy Allison [Wed, 2 Jul 2003 22:32:05 +0000 (22:32 +0000)]
Fix for idmap startup bug with remote ldap backend.
Jeremy.
(This used to be commit
16a5461dd36f138a1bb1e3a2b70d4000bba0c980)
Richard Sharpe [Wed, 2 Jul 2003 21:15:59 +0000 (21:15 +0000)]
Fixing problems in the iconv discovery stuff in configure.in.
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
(This used to be commit
20786543139c546d112f8f6b6d4d796ee7fed609)
Jeremy Allison [Wed, 2 Jul 2003 20:01:51 +0000 (20:01 +0000)]
Added fix for Japanese case names in statcache - these can change
size on upper casing. Based on patch from monyo@home.monyo.com.
Jeremy.
(This used to be commit
72e382e99b92666acdaf50a040b14aa16d48b80d)
Alexander Bokovoy [Wed, 2 Jul 2003 04:37:48 +0000 (04:37 +0000)]
Propagate changes to WHATSNEW.txt from release tree so that they would not be out of sync with reality.
(This used to be commit
8deb6370efe9ca6baac54dc5d0b0a3df04d8258f)
Gerald Carter [Wed, 2 Jul 2003 03:40:06 +0000 (03:40 +0000)]
SAMBA_3_0 will now become beta3
beta2 is captured in the release branch
(This used to be commit
4b3a15917dd6935353d8998e918c750a6c090671)
Tim Potter [Wed, 2 Jul 2003 03:07:20 +0000 (03:07 +0000)]
The default_realm parameter needs to be set in a minimal krb5.conf.
(This used to be commit
32e872f23d573057b9719e8ef37c2bdbd3e12194)
Tim Potter [Wed, 2 Jul 2003 03:04:15 +0000 (03:04 +0000)]
Fix poptOption definition for --no-pass and --kerberos options. The 'value'
field for an option should be set to an identifier to use in a switch
statement or zero if the the arg field is to be updated only.
This fixes smbclient -k always prompting for a password which we don't need.
(This used to be commit
0744e2dad372904a554019146ff6f6e31ca1b2d2)
Tim Potter [Wed, 2 Jul 2003 03:01:27 +0000 (03:01 +0000)]
Suggest the user runs kinit if smbclient -k returns NT_STATUS_MORE_PROCESSING_REQUIRED.
(This used to be commit
66c4beb28672ef335ff4d6d6a3447e4c2c337f76)
Tim Potter [Wed, 2 Jul 2003 01:37:18 +0000 (01:37 +0000)]
Update my email address.
(This used to be commit
9648e9762561296c33401079389b5d201d1e8a2f)
Tim Potter [Wed, 2 Jul 2003 01:23:13 +0000 (01:23 +0000)]
Uppercase first letter of debug level 0 statements.
(This used to be commit
05679968e207f795237bbee7b6564f365415d02f)
Tim Potter [Wed, 2 Jul 2003 01:09:17 +0000 (01:09 +0000)]
#ifdef out apparently unused function.
(This used to be commit
9324703066cfdcb65208420a12e4ab8f358ccc09)
Jelmer Vernooij [Wed, 2 Jul 2003 00:57:34 +0000 (00:57 +0000)]
Regenerate manpages
(This used to be commit
ace326ffe5adc957f4e058926e5af4e0c97bd892)
Jeremy Allison [Wed, 2 Jul 2003 00:08:29 +0000 (00:08 +0000)]
Whitespace reformat before applying a patch.
Jeremy.
(This used to be commit
bbe1276b516e1803a4a9285691674784b989b72f)
Jelmer Vernooij [Tue, 1 Jul 2003 22:58:52 +0000 (22:58 +0000)]
regenerate docs
(This used to be commit
cc02d3bc170fe5c8c4474156edb6c83720a47aa0)
Jeremy Allison [Tue, 1 Jul 2003 22:07:27 +0000 (22:07 +0000)]
Fix for bug 189 from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp>. Incorrect
call for Japanese characters.
Jeremy.
(This used to be commit
c6de5df01d470c2dab48cdd6298f450fa94f9a8e)
Jeremy Allison [Tue, 1 Jul 2003 21:47:13 +0000 (21:47 +0000)]
Adding jcmd's share ACL on XP patch. Thanks Jim !
Jeremy.
(This used to be commit
7ed1118ae61a13de2c781a94fc2394090efd1f9b)
Jelmer Vernooij [Tue, 1 Jul 2003 21:46:11 +0000 (21:46 +0000)]
Generate docs.
(This used to be commit
4255b96134e4cd8cbb29219ac2702ad8346f62f8)
Jelmer Vernooij [Tue, 1 Jul 2003 21:23:13 +0000 (21:23 +0000)]
Jelmer Vernooij [Tue, 1 Jul 2003 21:21:03 +0000 (21:21 +0000)]
Fix some syntax errors and typo's
(This used to be commit
371c9796bb3d6c0705f2e5af055a713cc9b4a652)
John Terpstra [Tue, 1 Jul 2003 21:10:25 +0000 (21:10 +0000)]
Adding idmap uid/gid smb.conf man page entries. Marking winbind uid/gid as deprecated.
(This used to be commit
8bfaf39680ea1fa2a347fa19052f69d6789ed99d)
Jelmer Vernooij [Tue, 1 Jul 2003 21:00:50 +0000 (21:00 +0000)]
Jelmer Vernooij [Tue, 1 Jul 2003 20:58:55 +0000 (20:58 +0000)]
Document "client use spnego"
(This used to be commit
b7b45794c233e37d3b78db19852ef1d44d63288c)
Gerald Carter [Tue, 1 Jul 2003 20:41:50 +0000 (20:41 +0000)]
sync with release branch
(This used to be commit
57f9333668cc56f338d8b2252a6217612b694a9f)
John Terpstra [Tue, 1 Jul 2003 20:33:52 +0000 (20:33 +0000)]
JMCD's fixes also.
(This used to be commit
adc1ca8fccbae8452026b66a473b72f459ac33ff)
John Terpstra [Tue, 1 Jul 2003 20:29:38 +0000 (20:29 +0000)]
Fix typos, add a little clarification.
(This used to be commit
8a063280cd7d547944f5c61a94a601c09fac53db)
Gerald Carter [Tue, 1 Jul 2003 18:34:31 +0000 (18:34 +0000)]
being a responsible developer for a change. Make sure to
update the docs wrt to the recent code changes.
Can someone regenerate these in the SAMBA_3_0 tree please?
Thanks.
(This used to be commit
ba448e6eb866d70daf5fe629c0f1c8c5afb1d312)
Gerald Carter [Tue, 1 Jul 2003 18:09:29 +0000 (18:09 +0000)]
syncing newer files to SAMBA_3_0
(This used to be commit
1bd76a320e92b4c9d5de6ffceaf5f6ebac1ad459)
Gerald Carter [Tue, 1 Jul 2003 18:08:11 +0000 (18:08 +0000)]
removing nisplussam
(This used to be commit
f75683995cf0d17df55a70dacd72ab2d6cd17989)
Gerald Carter [Tue, 1 Jul 2003 17:51:52 +0000 (17:51 +0000)]
* fixed volker's wbinfo -a lockup again. This one was my fault.
It was caused by the winbind_ping() call in is_trusted_domain()
o if we are a DC then we check our own direct trust relationships
we have to rely on winbindd to update the truatdom_cache
o if we are a domain member, then we can update the trustdom_cache
ourselves if winbindd is not there
(This used to be commit
22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
Gerald Carter [Tue, 1 Jul 2003 16:57:38 +0000 (16:57 +0000)]
initial draft of changeset
(This used to be commit
0988e30ceaa76a165130e2fcb1785f2fac398b28)
Gerald Carter [Tue, 1 Jul 2003 15:21:43 +0000 (15:21 +0000)]
applying fix for group map conversion (patch from Kristyan Osborne)
(This used to be commit
6237fae9b8407ee04226b984a932150799191d29)
Gerald Carter [Tue, 1 Jul 2003 15:16:08 +0000 (15:16 +0000)]
fix compile problem with nisplussam
(This used to be commit
2f7051e2bcaaa45a7315208fc9b5812e6ed657d9)
Volker Lendecke [Tue, 1 Jul 2003 13:04:50 +0000 (13:04 +0000)]
Different fix for memleak just committed. This belongs into
tdb_search_list_free.
Volker
(This used to be commit
0f3822c8e71426983b960ad49511efa8707159f9)
Volker Lendecke [Tue, 1 Jul 2003 12:40:52 +0000 (12:40 +0000)]
Fix two memory leaks. tdb_search_keys allocates space for the key
strings.
Running 'net cache list' or secrets_get_trusted_domains through
valgrind gives a *huge* amount of invalid reads of one byte beyond the
indicated string length in libc's strncpy. Annoying...
Volker
(This used to be commit
0f8933ae778064ff58cdc832ce52c843631435bb)
Volker Lendecke [Tue, 1 Jul 2003 12:03:00 +0000 (12:03 +0000)]
Fix a segfault found by metze & valgrind...
Don't overwrite past the end of a string.
Volker
(This used to be commit
f036368efdcbe576552ea85a78e5e6199a2b2c6d)
Volker Lendecke [Tue, 1 Jul 2003 10:01:57 +0000 (10:01 +0000)]
Don't set a mapping that is already there.
Volker
(This used to be commit
9d317fb533c5236bef1701d322abd537beea02d5)
Andrew Bartlett [Tue, 1 Jul 2003 09:27:02 +0000 (09:27 +0000)]
Grr, the order of these arguments matters
(This used to be commit
6babc35ef9c62a48a56ef63945d09e7e06229666)
Andrew Bartlett [Tue, 1 Jul 2003 07:29:23 +0000 (07:29 +0000)]
Make smbpasswd use the higher log level for the second run - this should
help us debug failures in smbpasswd.
Andrew Bartlett
(This used to be commit
dcdbd530a6c74ecf09a96067c40be5813dd646c8)
Gerald Carter [Tue, 1 Jul 2003 05:45:16 +0000 (05:45 +0000)]
fix typos in log messages and comments.
(This used to be commit
fd24183ec30688f3699e466bd4d908b24918e328)
Gerald Carter [Tue, 1 Jul 2003 04:11:42 +0000 (04:11 +0000)]
* revert change to get_global_sam_name()
* add get_default_sam_name() to be used by make_user_info_map()
* add comments describing get_*_sam_name()
(This used to be commit
90470366ea4bdb8021a3453c4bbeb29f009668c1)
Gerald Carter [Tue, 1 Jul 2003 03:49:41 +0000 (03:49 +0000)]
* fix the trustdom_cache to work when winbindd is not running.
smbd will update the trustdom_cache periodically after locking
the timestamp key
(This used to be commit
7bc4b65b91f98271089335cc301146d5f0c76c3a)
Jeremy Allison [Tue, 1 Jul 2003 00:35:11 +0000 (00:35 +0000)]
Fixed the latest complaint from jcmd :-). We were storing -1 for the
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
(This used to be commit
dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
Jeremy Allison [Mon, 30 Jun 2003 22:07:47 +0000 (22:07 +0000)]
Merge ... Volkers patch to make the logic clearer (with my mod).
Jeremy.
(This used to be commit
1714eb6bef627ebcfb6db03e58fdd02ea502c6e1)
Jeremy Allison [Mon, 30 Jun 2003 21:04:12 +0000 (21:04 +0000)]
Fix missing ret = found by Volker.
Jeremy.
(This used to be commit
ba112bb3fdb4e81d8f6ab1ccc4a68960f71ccb23)
Gerald Carter [Mon, 30 Jun 2003 20:45:14 +0000 (20:45 +0000)]
* cleanup more DC name resolution issues in check_*domain_security()
* is_trusted_domain() is broken without winbind. Still working on this.
* get_global_sam_name() should return the workgroup name unless we
are a standalone server (verified by volker)
* Get_Pwnam() should always fall back to the username (minus domain name)
even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
if 'user' exists in the local list of accounts (on domain members w/o
winbind)
Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0
domain member not running winbindd.
notes: make_user_info_map() is slightly broken now due to the
fact that is_trusted_domain() only works with winbindd. disabled
checks temporarily until I can sort this out.
(This used to be commit
e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
Jeremy Allison [Mon, 30 Jun 2003 20:41:40 +0000 (20:41 +0000)]
Valgrind found a bug (subtracting a pointer from a length rather than the
length of what the pointer points to).
Jeremy.
(This used to be commit
492a96e9922c1ef96b967f2965f8bba1f5bc8f23)
Jeremy Allison [Mon, 30 Jun 2003 18:53:48 +0000 (18:53 +0000)]
Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we were
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
(This used to be commit
fa23a4158ec23c0b8dbdc6c53f29958243107dee)
Gerald Carter [Mon, 30 Jun 2003 17:26:45 +0000 (17:26 +0000)]
removing old code
(This used to be commit
80df684b72f273f9efc0c00646f26d17f1b4bc70)
Gerald Carter [Mon, 30 Jun 2003 17:24:59 +0000 (17:24 +0000)]
* rename samstrict auth method to sam
* rename original sam auth method to sam_ignoredomain
* remove samstrict_dc auth method (now covered by 'sam')
* fix wbinfo -a '...' and getent passwd bugs when running
winbindd on a samba PDC (reported by Volker)
(This used to be commit
52166faee793d337e045d64f7cb27ea7ac895f60)
Gerald Carter [Mon, 30 Jun 2003 16:18:29 +0000 (16:18 +0000)]
fix for platforms that don't have unsetenv().
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit
11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)
Volker Lendecke [Mon, 30 Jun 2003 14:55:45 +0000 (14:55 +0000)]
Add the 'guest' passdb backend automatically if
guest account != ""
Volker
(This used to be commit
21d330af107f744af9569b5577afc6e7ba6a269c)
Tim Potter [Mon, 30 Jun 2003 05:45:27 +0000 (05:45 +0000)]
Yet more shadow variable warnings.
(This used to be commit
b401e78b6eb7efa2af74a7e645c3b34091041769)
Tim Potter [Mon, 30 Jun 2003 05:44:05 +0000 (05:44 +0000)]
Fix more shadow variable warnings.
(This used to be commit
10c51bbef83dabd99f129fc7ff0e3fe47c393c67)
Tim Potter [Mon, 30 Jun 2003 05:42:15 +0000 (05:42 +0000)]
Fix shadow variable warnings.
(This used to be commit
5ffb8e0920be2da19ac3f442b9bf56c159011822)
Andrew Tridgell [Mon, 30 Jun 2003 02:11:13 +0000 (02:11 +0000)]
- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)
- changed --enable-developer debug to use -gstabs as it makes the
samba binaries about 10x smaller and is still quite functional for
samba debugging
(This used to be commit
53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
Gerald Carter [Sun, 29 Jun 2003 03:39:50 +0000 (03:39 +0000)]
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit
f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
Gerald Carter [Sat, 28 Jun 2003 08:29:42 +0000 (08:29 +0000)]
add check for NT_STATUS_NOT_IMPLEMENTED in auth check so that
map to guest = bad user works again when "trustdomain" is listed
as last auth method.
Also clean up some more DC location calls.
(This used to be commit
77a5b1032f39b8d20925721b719fdcfff910cb06)
Gerald Carter [Sat, 28 Jun 2003 08:24:32 +0000 (08:24 +0000)]
cleaning up after the s/in_addr/ip_service/ switch for the get_dc_list() patch
(This used to be commit
303fdc516c79b170d7c12fe2f6264d9636673347)
Jeremy Allison [Fri, 27 Jun 2003 20:55:48 +0000 (20:55 +0000)]
Some const correctness. Stop tdb being used as a remote backend. If an
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit
8f830c509af5976d988a30f0b0aee4ec61dd97a3)
Jeremy Allison [Thu, 26 Jun 2003 23:48:46 +0000 (23:48 +0000)]
Add include guards around idmap.h, change ID_NOMAP to ID_QUERY_ONLY
and ID_CACHE to ID_CACHE_SAVE. Added locking around tdb writes & deletes
for multi-process access.
Jeremy.
(This used to be commit
5b998cdc1d552234236862f6a2bbae703b0c146e)
Jeremy Allison [Thu, 26 Jun 2003 18:26:52 +0000 (18:26 +0000)]
As has been pointed out, ordering here doesn't matter so use normal
add.
Jeremy.
(This used to be commit
030b35ca0fc9fe49610084c6c1be95241157564b)
Jelmer Vernooij [Thu, 26 Jun 2003 17:33:58 +0000 (17:33 +0000)]
Remove the MODULES_CLEAN variable. It's no longer necessary since
object files for modules are in .po files, while object files for
static use are in .o files. Pointed out by metze.
This reduces the number of files that have to be recompiled after the Makefile
changes. Preventing unnecessary recompiling of the other few is high
on my todo list.
(This used to be commit
b9b46d43c7c39d6738c254c4a148bdb93cae02e3)
Jelmer Vernooij [Thu, 26 Jun 2003 17:29:09 +0000 (17:29 +0000)]
Move up intialisation of logging, so we catch errors in handling 'preload modules'
(This used to be commit
13b81d0d92b9e28eaab18f5437060e79f6075f9e)
Alexander Bokovoy [Thu, 26 Jun 2003 08:12:47 +0000 (08:12 +0000)]
Document name resolve order suggested settings for security=ads as mentioned by Jerry
(This used to be commit
0413385feb71e15c9b2f331417ce24c985f1fe8d)
Gerald Carter [Thu, 26 Jun 2003 05:26:20 +0000 (05:26 +0000)]
cleaning up more build issues. Tested
"--with-ads=no --with-ldap=yes" and "--with-ads=yes && make everything"
(This used to be commit
3e9e4bb7d1a2f5a95539f415aa101f033b67932a)
Jeremy Allison [Thu, 26 Jun 2003 00:19:57 +0000 (00:19 +0000)]
Fix immediate bug where the idmap can't tell the difference between an entry
not being present (and so allocate another) and an entry that is present but
of the wrong type. This code still has major problems...
Jeremy.
(This used to be commit
a304bc5ff134df118754d9e8d2b2680b4101e438)
Jelmer Vernooij [Wed, 25 Jun 2003 20:58:33 +0000 (20:58 +0000)]
Add netlogon debug registry key info
(This used to be commit
ffaddd8202aeb7a442aa565e19a76a5f407c9f91)
Gerald Carter [Wed, 25 Jun 2003 20:16:53 +0000 (20:16 +0000)]
fix linking of some things that are not built by default
(This used to be commit
42133092a40e7979b29c8cc82c662d54bc399e6e)
Gerald Carter [Wed, 25 Jun 2003 19:49:27 +0000 (19:49 +0000)]
ifdef out some functions that are not used when HAVE_ADS is not defined
(This used to be commit
2d192e0431c7b754cf9db2306acb01fbe4068a14)
Gerald Carter [Wed, 25 Jun 2003 19:39:16 +0000 (19:39 +0000)]
fix build on non-ldap platforms
(This used to be commit
a59ea1d6d32337226f6099eefd19681fb28279c0)
Jeremy Allison [Wed, 25 Jun 2003 19:01:17 +0000 (19:01 +0000)]
Ensure idmap backends are added in the correct order (DLIST_ADD puts
things at the *front* of the list). Add more debug. Still broken.. :-(.
Jeremy.
(This used to be commit
dd9251e6f51f229ca1fab23d9b06f5bb68644fab)
Gerald Carter [Wed, 25 Jun 2003 19:00:15 +0000 (19:00 +0000)]
* fix typos in a few debug statements
* check negative connection cache before ads_try_connect()
in ads_find_dc()
(This used to be commit
2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
Gerald Carter [Wed, 25 Jun 2003 18:08:00 +0000 (18:08 +0000)]
forgot one file
(This used to be commit
ef978bd851431da373e005177504dbef2611cf4f)
Gerald Carter [Wed, 25 Jun 2003 17:41:05 +0000 (17:41 +0000)]
large change:
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit
d7f7fcda425bef380441509734eca33da943c091)
Andrew Bartlett [Wed, 25 Jun 2003 12:51:58 +0000 (12:51 +0000)]
Patch to move functions directly from pdb_ldap.c into lib/smbldap.c
The functions are unchanged. Next step is to make idmap_ldap use them.
Andrew Bartlett
(This used to be commit
57617a0f8c84f9ced4df2901811ce5a5a5ae005e)
Tim Potter [Wed, 25 Jun 2003 12:20:29 +0000 (12:20 +0000)]
Metze assures me that this will fix Heimdal et al.
I think the lesson to take away here is that refactoring configure.in
is a hazardous task and should only be attempted if you have a lot
of time and patience!
(This used to be commit
5ba121ac9d75de72261521cb1066ed585b68c307)
Volker Lendecke [Wed, 25 Jun 2003 10:18:22 +0000 (10:18 +0000)]
Fix a warning in a DEBUG
Clean up the init a little bit, less nested if-statements.
Agreed upon with Simo.
Volker
(This used to be commit
fdcfefd7f1be55307ccd59290efd249981198e1e)
Simo Sorce [Wed, 25 Jun 2003 08:15:51 +0000 (08:15 +0000)]
Tought I already done.
Set back 3.0 to use only winbindd_idmap.tdb as idmap database as told on
samba-technical.
Tested and working so far.
(This used to be commit
e154e50fed8968567f75fcd581de2b41914ea2c1)
Tim Potter [Wed, 25 Jun 2003 02:24:48 +0000 (02:24 +0000)]
Only append to KRB5_LIBS when doing AC_CHECK_LIB for libkrb5.
I think we are done with MIT Kerberos for the moment. The Heimdal detection
looks like it has been broken for ages so it's next on the list.
(This used to be commit
7690a722f99485f717215787db168f6878422f2f)
Tim Potter [Wed, 25 Jun 2003 01:33:27 +0000 (01:33 +0000)]
Don't trash the values of CFLAGS and LIBS while engaged in Kerberos
detection. On Solaris 9 extra libraries -lber and -lresolv are
required for Kerberos tests. We used to have an extra check for
-lresolv only but I think the correct solution is not to forget about it
in the first place.
This should fix bug #125 although I don't have access to a
system to test it out on.
(This used to be commit
4ddfab4a572782cd83588eff4fbb599f6c4e770c)
Jeremy Allison [Wed, 25 Jun 2003 00:28:46 +0000 (00:28 +0000)]
More debugs for this... (these should have been here already !).
Jeremy.
(This used to be commit
a118648d9505d54850ffad1e9ce7a2c3d279df9f)
Jeremy Allison [Wed, 25 Jun 2003 00:11:38 +0000 (00:11 +0000)]
More instrumentation tracking down this bug...
Jeremy.
(This used to be commit
705915d9f71504f8ae04444352c80811c5a6f1ac)
Jeremy Allison [Wed, 25 Jun 2003 00:02:17 +0000 (00:02 +0000)]
Start to instrument this code as I try and track down a nasty bug that
causes mapping to dissapear...
Jeremy.
(This used to be commit
bdffc81c9d1eeab26e4dba017a99bb9cc9131493)